Lucene search

MitreCVE-2005-0189

HistoryFeb 06, 2005 - 5:00 a.m.

CVE-2005-0189

2005-02-0605:00:00

mitre

web.nvd.nist.gov

cve-2005-0189

realplayer

buffer overflow

remote code execution

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

High

EPSS

0.108

Percentile

95.1%

JSON

Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.

Affected configurations

Nvd

Node

realnetworksrealone_playerMatch1.0

realnetworksrealone_playerMatch2.0

realnetworksrealplayerMatch10.0en

realnetworksrealplayerMatch10.0ja

realnetworksrealplayerMatch10.0de

realnetworksrealplayerMatch10.0_6.0.12.690

realnetworksrealplayerMatch10.0_beta

realnetworksrealplayerMatch10.5

realnetworksrealplayerMatch10.5_6.0.12.1016_beta

realnetworksrealplayerMatch10.5_6.0.12.1040

VendorProductVersionCPE
realnetworksrealone_player1.0cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
realnetworksrealone_player2.0cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*
realnetworksrealplayer10.0_6.0.12.690cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
realnetworksrealplayer10.0_betacpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
realnetworksrealplayer10.5_6.0.12.1016_betacpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
realnetworksrealplayer10.5_6.0.12.1040cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realone_player	1.0	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
realnetworks	realone_player	2.0	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::en::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::ja::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0::de:::::
realnetworks	realplayer	10.0_6.0.12.690	cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
realnetworks	realplayer	10.0_beta	cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
realnetworks	realplayer	10.5	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
realnetworks	realplayer	10.5_6.0.12.1016_beta	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
realnetworks	realplayer	10.5_6.0.12.1040	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*

References

archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html

marc.info/?l=bugtraq&m=109707741022291&w=2

marc.info/?l=bugtraq&m=110616636318261&w=2

service.real.com/help/faq/security/040928_player/EN/

www.kb.cert.org/vuls/id/698390

www.securityfocus.com/bid/12311

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

High

EPSS

0.108

Percentile

95.1%

JSON

Related for CVE-2005-0189